[Wouter Verhelst] > At any rate, a PGP signature takes a lot of data; much more so than > a checksum. It's therefore more economical to produce a signed > package.checksums file than it is to produce a package.pgpsigs.
Huh? Since asymmetric cryptography is so computationally expensive, PGP never signs the payload directly. Instead, the payload is hashed and then the hash is signed. So it is not (noticeably) more economical to sign foo.md5sums than to sign the whole data.tar.gz. [Same goes for encrypting: PGP encrypts with a conventional block cipher like AES and a randomly generated key, then encrypts the _key_ using RSA. Again, this is for efficiency.] Or is this not what you meant? I'm confused. > And since checksum files are generated at build time rather than at > install time, it is possible to download a known-good copy of the > .deb that is installed (using snapshot.debian.org, once it gets live, > for instance, or from a not-compromised host's apt cache), and verify > the files against that copy rather than the copy that is on the disk. If you're going to the trouble to download a .deb, why bother with signatures at all? Why not just compare the full text directly? If you have a .deb on a different host and don't want to transfer the entire thing over the network, well, no reason you can't do your SHA16384 on both ends, and transfer only the hashes at that time. -- Peter Samuelson | org-tld!p12n!peter | http://p12n.org/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100310171331.gt18...@p12n.org
